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Abstract  -  Coalition  operations  rely  on  the  fusion , 
sharing  and  dissemination  of  information  for  a  network 
of  disparate  Intelligence ,  Surveillance  and 
Reconnaissance  (ISR)  assets  such  as  sensors ,  sensing 
platforms ,  human  intelligence ,  data  fusion  and 
networking  elements .  One  prominent  aspect  of  this 
research  is  the  design  of  policy-aware  fusion ,  that  is, 
fusion  that  takes  policy  related  to  security,  resource 
control,  command-and-control,  etc .  into  account 
Processes  are  described  for  development  of  fusion 
algorithms  and  policy  protocols  that  will  enable  rapid 
assembly/dynamic  control  of  ISR  assets  and  associated 
policy  agreements  that  govern  the  sharing  and 
dissemination  of  information  to  support  multiple 
concurrent  coalition  missions . 

Keywords:  Network  fusion,  policy-based  security 
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1  Introduction  and  Motivation 

In  this  paper,  we  describe  research  from  the  International 
Technology  Alliance  (IT A)  in  Network  and  Information 
Sciences  focusing  on  information  fusion  and 
dissemination  for  a  network  of  Intelligence,  Surveillance 
and  Reconnaissance  (ISR)  assets.  The  ITA  consists  of 
government,  industrial  and  academic  researchers  from  the 
United  States  (US)  and  the  United  Kingdom  (UK)  that 
jointly  conduct  collaborative  research  focused  on 
enhancing  distributed,  secure,  and  flexible  decision¬ 
making  to  improve  networked  coalition  operations  [1]. 

The  overall  aim  of  the  research  described  in  this 
paper  is  to  enable  the  assembly  and  dynamic  control  of 
ISR  sensors,  platforms  and  networks  to  support  multiple 
concurrent  coalition  missions.  A  coalition  operation 


usually  entails  an  ad  hoc  arrangement  between  two  or 
more  organizations  that  act  together  to  pursue  a  common 
objective.  Such  a  coalition  will  bring  together  two  or 
more  organizations  with  their  own  inherent  restrictions  on 
how  they  are  allowed  to  operate  which  are  usually  stated 
as  a  set  of  policies  (including  security  and  legal  policies). 
Within  such  an  ad  hoc  coalition,  ad  hoc  Communities  of 
Interest  (Col's)  come  together,  perhaps  for  only  a  short 
time,  with  different  sensors,  sensor  platforms,  data  fusion 
elements,  and  networks,  to  conduct  a  task  (or  set  of  tasks) 
with  different  coalition  members  taking  different  roles. 

The  task  of  information  fusion  from  the  variety  of 
sensors  is  a  complex  task,  which  is  rendered  even  more 
complex  when  undertaken  in  the  context  of  a  coalition 
operation.  One  component  of  ITA  research  focuses  on 
improving  fusion  algorithms,  while  another  component 
looks  at  addressing  the  complexities  that  arise  due  to 
coalition  operations. 

Section  2  of  this  paper  describes  the  context  and 
scope  of  ITA  research  dealing  with  enhanced  information 
fusion  while  Section  3  provides  an  overview  of  the  issues 
and  challenges  encountered  in  performing  ISR  in  the 
context  of  a  coalition  operation.  Section  4  then  provides  a 
policy  based  approach  to  address  the  challenges  of 
information  fusion  in  a  coalition  context.  Finally,  we 
present  the  directions  for  future  research  in  Section  5. 

2  Enhanced  Information  Fusion 

An  ISR  network  is  an  adaptive  ad-hoc  network  of 
ISR  sensors,  other  sources  of  data  (e.g.,  humans), 
platforms,  communication  systems,  etc.,  that  provides 
actionable  Information  and  Intelligence  (12)  to  its 
customers.  The  sensors  may  exhibit  heterogeneity  in  a 
variety  of  dimensions  including  passive  or  active,  field  of 
view  and  regard,  range  and  modality  (e.g.,  biometric, 
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acoustic,  radar);  similarly,  there  may  be  significant 
heterogeneity  in  the  other  elements  of  an  ISR  network. 

ISR  sensors  for  distributed  ground  operations  can  be 
categorized  into  low-resolution  or  “activity”  sensors  and 
high-resolution  sensors.  Activity  sensors  are  typically 
inexpensive,  passive  and  low-power  sensors,  and  they  can 
provide  persistent  sensing  and  broad- area  coverage. 
Some  of  the  commonly  used  activity  sensors  are  acoustic, 
seismic,  magnetic,  passive  IR  (PIR),  and 
chemical/biological.  To  enhance  the  probability  of 
detection  while  reducing  the  probability  of  false  alarm, 
many  sensor  systems  take  advantage  of  the  orthogonal 
and  complementary  information  gain  from  multi-modal 
fusion  of  several  activity  sensors,  an  example  being 
personnel  detection  via  foot  steps  tracking  [3].  High- 
resolution  sensors,  on  the  other  hand,  are  generally  more 
expensive,  active  and  high-power  sensors.  They  typically 
include  day-night  video  and  electro-optic  (EO)  cameras 
and  imagers. 

For  distributed  ground  operations,  Unattended 
Ground  Sensors  (UGS)  are  the  most  reliable  and 
frequently  used  ISR  systems.  UGS  systems  can  be 
employed/deployed  to  cover  large  areas  in  open  terrain 
(e.g.,  border  region)  or  in  restricted  areas  such  as  urban 
environments,  and  used  in  several  scenarios  [4]. 

As  the  coalition  operations  become  more  dynamic  in 
complex  environments,  multi-modal  sensor  systems  need 
to  be  distributed  in  space  and  in  time.  As  such,  the  mobile 
ground  and  aerial  sensing  platforms  are  becoming  more 
important.  For  ISR  applications,  the  mobile  ground 
platforms  include  military  HMMWV’s,  unmanned  ground 
vehicles  (UGV’s)  and  small  robotic  vehicles  (e.g., 
Packbot)  [5];  and  aerial  platforms  include  unmanned 
aerial  vehicles  (UAV’s)  and  aerostats/balloons  [6].  These 
mobile  platforms  often  provide  area  coverage  gaps  or  ad- 
hoc  network  connectivity;  carry  expensive  high-end/high- 
resolution  sensor  payloads;  are  shared  assets  supporting 
multiple  missions;  are  tasks  to  move  to  the  locations  of 
interest  for  further  ISR  information  gathering  or 
confirmation;  and/or  provide  communication  relays  or 
links  for  exfiltration  of  ISR  information. 

To  process  the  information  from  the  various  ISR 
assets,  a  network  needs  to  have  an  efficient  mechanism  to 
distribute  the  information  as  well  as  efficient  algorithms 
to  analyze  the  gathered  intelligence.  In  the  next  few 
sections,  we  describe  a  sensor  fabric  developed  for  the 
information  distribution  mechanism  and  the  various 
enhanced  fusion  algorithms  that  are  being  researched. 

2.1  Sensor  Fabric 

The  Sensor  Messaging  Fabric  or  Sensor  Fabric  [13]  is  an 
infrastructure  that  provides  an  effective  and 
straightforward  way  to  interconnect  disparate  ISR  sensors 
and  systems.  The  fabric  uses  commercially  available 
messaging  software  to  build  a  flexible  information 
collection  and  dissemination  infrastructure  [10]. 


A  typical  messaging  system  [11,  12]  provides  the 
abstractions  of  multiple  virtual  message  queues  that  are 
supported  in  a  distributed  manner.  Each  of  the  queues  is 
named,  such  a  name  being  usually  referred  to  as  the 
subject  or  topic  name  of  the  queue.  The  subject  or  topic 
name  is  the  mechanism  to  link  publishers  (e.g.,  data  and 
information  produced  by  the  ISR  assets)  and  subscribers 
(e.g.,  fusion  nodes  or  end-users)  of  information. 
Publishers  produce  messages  on  a  particular  subject  or 
topic  name,  and  subscribers  register  interest  in  specific  set 
of  subjects.  Once  an  application  registers  interest  on  a 
subject  topic,  it  receives  the  messages  that  are  created  by 
the  publishers  of  that  topic.  Information  is  pushed  to 
subscribing  applications  as  it  is  generated.  Publishers  and 
subscribers  can  join  and  leave  at  any  time.  The 
middleware  is  responsible  for  routing  messages  between 
the  publishers  and  the  subscribers. 

A  typical  implementation  of  the  messaging 
architecture  would  be  through  one  or  more  message 
brokers.  End  clients  or  agents  register  with  a  message 
broker,  their  interest  in  a  topic  to  receive  messages,  and 
also  send  any  messages  tagged  with  the  topic  name  on 
which  it  is  published,  to  the  message  broker.  The  brokers 
manage  information  about  the  topology  of  the  different 
publishers  and  subscribers  and  route  messages  between 
them.  Messaging  systems  provide  additional  mechanisms 
to  filter,  fuse,  analyze  and  perform  various  kinds  of  access 
control  on  the  messages  that  are  required  for  robust 
operation  in  an  enterprise  context. 

A  message  queue  based  sensor  fabric  connects 
different  sensors  using  a  message  queue.  Each  of  the 
sensors  is  a  publisher  on  one  or  more  topics  and  different 
sensor  processing  elements  receive  the  information  on  a 
published  topic.  Logically,  the  sensor  fabric  allows  all 
ISR  assets  to  be  connected  to  one  or  more  virtual  queues 
(topics).  In  order  to  facilitate  its  operation,  the  messaging 
fabric  introduces  the  concept  of  a  sensor  catalogue  and  a 
fabric  manager.  The  sensor  catalogue  is  used  to 
automatically  detect  any  new  ISR  assets  that  are 
connected  to  the  fabric  and  deploy  the  right  software 
modules  to  read  information  from  that  asset.  The  fabric 
manager  is  responsible  for  managing  the  topics  that 
interconnect  the  different  elements  of  the  ISR  network. 

In  summary,  the  sensor  fabric  is  used  for 
interconnecting  the  various  disparate  elements  in  the  ISR 
network,  with  these  elements  performing  different  types 
of  fusion  functions. 

2.2  Multi-modal  and  Information  Fusion 

Enhanced  information  fusion  algorithms  that  can  be 
performed  between  various  elements  include  techniques 
based  on  mutual  information  fusion  and  semantic  fusion. 
Mutual  information  is  a  measure  of  dependence  between 
two  sources  of  information  and  can  be  used  to  improve 
the  fidelity  of  fused  information.  Semantic  fusion  uses  an 
ontology  describing  the  nature  of  information  being 
processed  to  improve  the  relevance  and  quality  of  fused 
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information.  These  two  fusion  algorithms  can  be 
implemented  in  conjunction  with  the  sensor  fabric  for  a 
network  of  ISR  assets. 

2.2.1  Mutual  Information  Fusion 

In  any  ISR  operation,  information  related  to  an  event  of 
interest  is  obtained  from  a  sensor  or  a  collection  of 
sensors  with  many  different  modalities  (e.g.,  acoustic 
seismic  and  PIR)  that  have  detected  an  event  of  interest. 
One  major  objective  at  the  local  C2  is  to  classify  the  event 
via  multi-modal  fusion.  In  general,  fusion  of  mixed 
sensor  modalities  is  difficult  because  models  are  not 
known  for  the  joint  statistical  dependence  between  the 
signals.  An  information-theoretic  approach  based  on 
mutual  information  (MI)  is  being  developed  to  address 
this  problem  [14]. 

As  an  example,  assume  that  we  need  to  fuse  acoustic 
and  seismic  sensor  information  for  target  classification. 
The  MI  fusion  approach  involves  two  steps:  (1)  estimate 
the  joint  statistics  of  the  acoustic  and  seismic  signals 
using  measured  data  (training),  and  (2)  fuse  the  acoustic 
and  seismic  data  by  maximizing  a  MI  criterion.  The  result 
of  these  two  steps  is  a  set  of  features  that  combine  the 
acoustic  and  seismic  signals  to  maximize  the  information 
for  classification  of  the  targets  of  interest. 

The  MMI  features  extracted  in  this  manner  have  two 
properties  that  provide  a  sound  justification  for  their  use: 

•  Maximizing  the  MI  in  the  features  minimizes  the 
theoretical  bounds  on  the  probability  of  classification 
error; 

•  MMI  features  fully  exploit  the  class  distribution 
available  in  training  data,  rather  than  assuming  that  the 
distribution  is  Gaussian  [14]. 

Features  that  maximize  MI  are  generalizations  of  well- 
known  feature  extraction  methods  such  as  Principal 
Components  Analysis  (PCA)  and  Independent 
Component  Analysis  (ICA).  When  the  data  is  Gaussian, 
MMI  features  reduce  to  PCA  and  ICA. 

2.3  Semantically-mediated  Fusion 

Semantic  mediation  is  a  useful  technique  that  can  be  used 
when  there  is  other  semantic  information  such  as  context, 
trust  and/or  provenance  available  at  the  local  C2.  Figure 
1  shows  an  approach  in  using  semantic  information  to 
mediate  or  improve  the  fusion  process.  The  application  to 
fusion  is  a  special  case  of  a  general  framework  to  enrich 
the  data  using  ontology  based  on  semantic  information. 

Ontologies  provide  semantically  precise  methods  of 
describing  entities  or  concepts  in  a  domain  and  the 
relationships  between  them;  they  are  used  to  reason  about 
the  data/information  within  the  domain  of  interest.  This 
approach  can  augment  (without  degrading  performance)  a 
large  class  of  generic  fusion  processes. 


Sensor  Data 


Classifications 


Figure  1:  Semantically-mediated  data  fusion  architecture 
for  classification. 

In  an  initial  application  [15],  the  semantic  approach 
is  applied  to  the  problem  of  classifying  military  ground 
vehicles  with  data  from  acoustic  sensor  arrays.  In  this 
context,  semantic  data  such  as  weather,  position,  threat 
level,  etc.,  can  be  incorporated  in  to  the  fusion  process.  In 
[15],  ontological  derived  features  were  used  to  augment 
the  traditional  acoustic  harmonic  features  extracted  from 
the  power  spectra.  On  average,  the  classification  accuracy 
improved  5%  -  11%  depending  on  the  number  of 
semantic  data  features  used  for  a  5-class  ground  vehicle 
classification  problem. 

2.4  Matching  ISR  Assets  to  Missions 

The  ISR  Col  must  make  effective  and  efficient  use 
of  available  ISR  assets  to  gather,  process,  and  disseminate 
actionable  12,  while  also  retaining  sufficient  resilience  to 
react  in  a  timely  manner  to  unplanned  and  developing 
events.  This  resource  tasking  and  monitoring  and 
management  activity  must  be  undertaken  during  both  the 
planning  and  execution  (i.e.,  dynamic)  phases  of  a  set  of 
missions  and  tasks,  and  must  mesh  with  the  battle  rhythms 
of  the  various  C2  nodes. 

Within  the  IT  A  program,  research  is  underway  to 
develop  a  method  of  allocating  or  apportioning  ISR 
resources  (with  an  initial  focus  on  sensors  and  their 
platforms)  across  a  set  of  missions/tasks  in  a  manner 
which  is  aware  of  the  utility  of  the  resources  to  the 
missions/tasks,  which  integrates  the  sensor  catalogue  with 
a  sensor  ontology  and  that  exploits  knowledge  and 
market-based  approaches  [2,  7,  8,  16].  The  research  is 
also  addressing  the  spatial  deployment  of  sensors,  and  the 
dynamic  adaptation  of  the  ISR  network  to  meet  the  needs 
of  a  mission/task.  The  ultimate  aim  being  to  address  the 
issues  associated  with  dynamically  managing  a  set  of 
interacting  ISR  networks  which  if  operated  synergistically 
would  be  able  to  better  meet  the  needs  of  a  set  of  multiple 
dynamic  missions/tasks,  but  where  the  individual  ISR 
networks  have  different  local  C2’s;  in  other  words,  how  to 
manage  the  set  of  ISR  networks  as  synergistic  whole  to 
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optimize  global  utility  across  a  set  of  dynamic  missions 
where  there  is  competition  for  ISR  resource  [2,  7,  8,  9, 
16-19]. 

3  ISR  in  Coalition  Operations 

In  order  to  enable  rapid  assembly/dynamic  control  of  a 
network  of  ISR  sensors,  platforms,  and  networks  to 
support  multiple  concurrent  coalition  missions,  a  coalition 
needs  to  have  technology  to  support : 

(1)  Rapid  assembly  and  synthesis  of  disparate  ISR 
elements  including  assets  such  as  sensors  and 
platforms  and  policies  such  as  security  and 
sharing/dissemination  of  information; 

(2)  Resource  efficient  management  of  ISR  assets  to  best 
meet  the  needs  of  concurrent  competing  missions 
given  available  assets  and  their  capabilities,  security 
and  C2  policies,  and  the  environment; 

(3)  Autonomous  or  semi-autonomous,  (re)configuration 
and  (re)tasking  of  ISR  assets  to  adapt  to  changing 
conditions  and  missions; 

(4)  Proof  that  negotiated  policies  maintain  security,  legal 
and  interoperability  requirements  throughout 
operations. 

In  a  typical  coalition  operation,  an  ISR  community 
of  interest  (Col)  is  dynamically  formed  to  conduct  joint 
coalition  operations.  The  ISR  Col  will  operate  across  a 
number  of  levels  of  command,  and  will  thus  include  a 
number  of  more  focused  Col’s  within  the  overall  Col.  An 
ISR  Col  can  be  an  ad-hoc  team  consisting  of  possibly 
multiple  coalition  partners  executing  multiple  concurrent 
missions/tasks  such  as  border/perimeter  reconnaissance 
and  surveillance,  camp  site  surveillance,  and 
detection/classification  of  human  activities  in 
concealed/confmed  spaces  or  locations  of  human 
infrastructures.  A  Col  brings  together  collections  of  ISR 
assets,  individualized  missions  or  objectives,  and  sets  of 
policies  that  govern  information  security  and  fusion  and 
sharing/dissemination  of  information.  The  first  step  is  to 
negotiate  and  develop  joint  ISR  plans  and  ISR  asset 
deployment  configurations.  Given  a  set  of  negotiated 
missions  and  ISR  assets,  the  objective  is  to  maximize  the 
utility  of  the  information  derived  from  the  ISR  network 
while  considering  resource  constraints,  asset-to-mission 
assignments,  policy-based  security,  fusion/filtering  and 
networking  conditions.  The  second  step  is  to  deploy  the 
mechanisms,  configurations  and  policies  to  meet  coalition 
ISR  plans  that  then  adapts  the  ISR  network  to  meet 
missions  and  priorities  and  to  respond  to  events  and  on- 
demand  management. 

The  requirements  on  ISR  infrastructure  in  a  coalition 
context  can  be  understood  better  by  considering  the 
motivating  scenario  described  in  the  next  subsection. 


3.1  A  Motivating  Scenario  Example 

Consider  a  typical  Peace  Support  Operation  in  which  UK 
and  US  Coalition  forces  have  been  deployed  into  a  region 
to  assist  the  indigenous  Government  forces  in  deterring 
and/or  defeating  an  active  insurgency  and 
reassuring/supporting  the  local  population.  In  such  a  case 
the  Coalition  (of  UK,  US  and  possibly  indigenous 
Government)  forces  must  operate  together  to  (a)  protect 
the  forces  in  the  region  and  (b)  dominate  the  region  (to 
protect  and  support  local  population,  and  deter/defeat  the 
insurgency).  This  requires  the  use  of  ISR  networks  to 
provide  suitable  actionable  12. 


US  Border  Site 


Figure  2.  An  ISR  network  scenario  with  distributed  UK 
and  US  border  surveillance  and  reconnaissance  operations 
and  joint  coalition  camp  site  operations. 

Simplifying  this  further  consider  a  scenario  with  a 
Coalition  base,  a  border  to  survey  (comprising  two 
relatively  open  areas  and  one  very  rugged  area),  a  main 
supply  route  (MSR)  and  a  set  of  Coalition  patrols  (both 
manned  ground  patrols  and  UAV’s);  where  the  ISR 
mission  is  to  focus  on  deterring/defeating  the  insurgency 
and  protecting  own  forces.  Such  a  case  is  illustrated  in 
Figure  2,  and  discussed  in  more  detail  below: 

•  Base  site  -  there  will  be  a  set  of  sensors  deployed  at  the 
base  including  long  range  sensors  (e.g.  an  elevated 
camera),  short  range  sensors  mounted  at  the  edge  of  the 
base  (e.g.  CCTV),  entry  point  systems  (e.g.  biometric  & 
X-ray  scanners)  and  mobile  sensors  (e.g.  troops  with 
binoculars),  and  near  to  be  base  (including  UGS  and 
patrols). 

•  Border  and  MSR  -  may  be  covered  by  a  mixture  of 
short  range  multi-modal  UGS  (as  described  above), 
wide  area  elevated  sensors  (e.g.,  an  aerostat  with  high- 
resolution  EO  imagers)  and  mobile  assets  (which  may 
be  providing  observation  posts  (OP’s)  and  check  points, 
or  cued  to  provide  a  closer  look  and/or  follow  a  target 
of  interest). 
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•  ISR  Network  -  these  sensors  are  unlikely  to  be  all 
connected  all  the  time  into  a  single  ISR  network;  this  is 
particularly  true  when  considering  mobile  assets  (which 
may  have  low  data  rate  or  voice  connectivity  most  of 
the  time,  but  will  only  sometimes  have  high  data  rate 
connectivity). 

Within  this  scenario  it  is  entirely  possible  that 
there  will  be  a  number  of  issues  and  concerns 
(expressed  as  policies)  which  impact  on  the  ISR 
network  and  associated  operations: 

•  UK,  US  and  indigenous  forces  will  wish  to  maintain  (at 
least)  a  veto  on  the  movement  of  manned  mobile  assets 
outside  the  base; 

•  UK  forces  may  be  unable  due  to  legal  restrictions, 
arising  from  different  national  Rules  of  Engagement 
(RoE),  to  pass  precise  target  locations  to  indigenous 
forces,  unless  target  identification  criteria  specifically 
matches  UK  RoE; 

•  US  forces  may  be  unable  for  security  reasons  to  expose 
the  full  capability  of  a  long  range  imaging  system  to 
indigenous  forces,  but  may  be  able  to  expose  this  to  UK 
forces  when  needed; 

•  US  forces  not  wish  to  expose  the  full  capability  of 
biometric  sensors,  as  this  may  reveal  a  weakness  in 
their  capability  which  could  then  be  exploited. 

3.2  Coalition  C2  Policies 

When  sensor  platforms  and  assets  need  to  be  operated  in 
context  of  coalitions  as  in  the  previous  scenario,  different 
policy  constraints  may  need  to  be  incorporated  in  the 
operation  of  the  ISR  assets.  A  policy  is  a  constraint 
limiting  the  configuration  and  usage  of  the  ISR  assets  in 
the  field.  The  following  are  the  broad  categories  of 
policies  that  are  applicable  in  the  context  of  ISR  assets 
and  coalition  operations: 

•  ISR  Asset  Characteristics  Exchange.  Policies  that  state 
what  information  about  sensors  and  other  ISR  assets 
can  be  exchanged  (for  the  purpose  of  establishing 
mission  matching,  to  develop  quality  of  information 
measures,  and  to  support  data  fusion)  between  coalition 
partners. 

•  Local  C2.  Policies  that  delineate  the  command 
structure,  their  roles,  their  authorizations,  and  their 
obligations  including  who  can  develop  and  modify 
missions,  taskings,  and  policies; 

•  Platform  Control.  Policies  that  define  whom,  with 
what  authentication,  and  under  what  conditions 
platforms  (e.g.  UAV’s,  UGV's,  robotic  vehicles,  etc) 
can  be  controlled,  configured,  moved,  and  re-tasked; 

•  Sensor  and  Sensor  System  Control.  Policies  that  define 
whom,  with  what  authentication,  and  under  what 
conditions  sensors  and  sensor  system  can  be  controlled, 
configured,  moved,  re-tasked; 

•  Sensor  Information  Access  Control.  Policies  that  define 
whom  (person,  C2  element,  data  fusion  element,  etc), 


with  what  authentication,  under  what  conditions,  and  in 
what  form  (i.e.,  raw,  processed,  fused)  sensor 
information  can  be  accessed; 

•  Information  Flow  Protection.  Policies  that  define  how 
information  flows  are  to  be  secured  and  protected 
confidentiality,  integrity,  etc.); 

•  Information  Dissemination.  Policies  that  describe  the 
conditions/events  under  which  information  must  be  sent 
and  to  whom;  the  conditions  and  to  whom  information 
can  be  provided  when  queried. 

The  next  section  discusses  architectures  that  can  enable 
the  specification  and  enforcement  of  such  policies. 

4  Policy  Based  Coalition  ISR 

The  key  challenge  in  extending  ISR  operations  in  the 
context  of  a  single  force  to  ISR  operations  in  the  context 
of  coalitions  is  to  have  an  architecture  that  can  support 
their  specifications  and  usage  appropriately.  There  are 
two  aspects  related  to  supporting  such  architecture  -  (i) 
have  a  system  that  can  enable  the  specification  and 
management  of  policies,  and  (ii)  have  systems  that  can 
enforce  the  policies  that  are  specified  during  the 
performance  of  the  coalition  operation. 

4.1  Policy  Management 

Each  of  these  policies  specified  previously  in  Section  3.2 
can  be  specified  and  managed  using  an  architecture  with 
three  major  components,  a  policy  manager ,  a  policy 
distributor  and  a  policy  enforcer.  The  policy  manager 
creates,  analyzes  and  transforms  the  policies  to  a  machine 
readable  format.  The  policy  distributor  ensures  that  the 
right  set  of  policies  has  been  transferred  to  the  right  policy 
enforcers,  and  the  enforcers  are  responsible  for  ensuring 
compliance  with  the  policies. 

Within  the  IT  A  program,  research  is  underway  to 
develop  a  policy  management  that  specifies,  analyzes  and 
transforms  security  policies  before  they  are  distributed  to 
the  enforcement  points.  The  architecture  that  is  used  is 
shown  in  Figure  3,  and  consists  of  policy  management 
through  four  major  stages. 

In  the  first  stage,  policies  are  specified  in 
constrained  natural  language  specifying  the  restrictions 
and  access  control  requirements  on  the  ISR  assets.  In  the 
second  stage,  these  policies  are  transformed  into  an 
abstract  representation.  The  abstract  representation  is  a 
computer  readable  representation,  but  is  not  tied  into  a 
specific  instance  of  a  computer  system.  In  this  stage,  the 
policies  are  analyzed  for  proper  refinement  and  capturing 
of  the  intent  represented  in  the  constrained  natural 
language.  In  the  third  stage,  policies  are  analyzed  for 
conflicts  that  may  exist  between  them.  If  more  than  one 
policy  set  may  be  in  effect,  conflicts  among  the  different 
sets  of  policies  are  analyzed  and  resolved.  In  the  final 
stage  of  policy  management,  policies  are  transformed  to  a 
concrete  set  that  represents  the  details  of  the  current 
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deployment,  and  then  distributed  over  to  the  different  set 
of  policy  enforcers. 


•  Access  control/Audit 

•  Data/User  models 

•  Risk  model 

■  Choices  and  Consent 

■  Info  control  flow 


■  Rule  engines 

■  XML  stores... 


Analysis 


Analysis  and 
Negotiation 


Distribution 


determine  the  right  configuration  of  ISR  assets  to  support 
the  needs  of  the  missions.  This  requires  a  tool  that 
matches  assets  to  operations  incorporating  policy  needs. 
Finally,  as  the  operation  is  underway,  the  different  ISR 
assets  need  to  be  configured  to  support  the  desired 
policies.  This  can  be  done  by  enhancing  the  sensor 
messaging  fabric  with  policy  enforcement  capability. 

Within  IT  A,  we  are  developing  the  basic  algorithms 
required  to  enable  all  operation  stages  of  the  life-cycle. 
Towards  this  goal,  our  policy  validation  and  analysis 
research  focused  on  development  of  conflict  detection  and 
validation  algorithms  for  coalition  policies.  The  approach 
taken  for  conflict  detection  is  to  map  each  policy  into  a 
region  in  a  hyper-space  whose  axes  are  defined  by  the 
different  conditions  under  which  a  policy  applies.  The  set 
of  policies  defined  by  each  coalition  member  defines 
different  regions  in  such  a  hyper-space.  Policies 
applicable  simultaneously  are  identified  by  detecting 
overlaps  in  the  region  of  the  hyper-space,  and  their 
actions  can  be  analyzed  to  detect  any  conflicts. 
Negotiations  between  coalition  members  can  then  be  used 
to  select  the  approach  that  negates  the  conflict. 


Figure  3.  Policy  management  architecture. 

The  goal  of  the  different  stages  of  policy 
management  is  to  ensure  that  policies  are  well-formulated 
and  conform  to  the  spirit  of  coalition  operations.  Once 
distributed,  the  enforcers  ensure  compliance  with  the 
policies  as  the  different  ISR  assets  and  information  are 
deployed  within  the  network.  A  key  element  of  this 
process  is  formal  analysis  to  show  proof  that  negotiated 
policies  maintain  security  and  interoperability 
requirements  throughout  operations. 

4.2  C2  Policy  Enforcement 

In  order  to  enforce  and  support  policy  operations  for  the 
control  and  operation  of  the  disparate  sensor  fusion 
operations  in  a  coalition  context,  we  need  to  combine  the 
concept  of  policy  management  for  coalition  operations 
together  with  the  interconnection  of  the  fusion  elements 
enabled  by  the  sensor  messaging  fabric. 

Policy  enforcement  in  coalition  operation  requires 
incorporating  the  impact  of  policies  in  the  three  stages 
(mission  planning,  operation  planning  and  tactical 
execution)  of  a  coalition  operation.  During  the  planning 
of  a  coalition  mission,  one  needs  to  take  into  account  the 
differences  in  the  policies  of  two  different  coalition 
members,  and  determine  any  conflicts  among  them.  The 
conflicts  in  policies  need  to  be  resolved  and  a  set  of 
policies  conformant  to  the  requirements  of  all  coalition 
members  needs  to  be  developed. 

Subsequently,  during  the  planning  of  an  ISR 
operation,  one  needs  to  determine  which  coalition 
member  is  capable  of  performing  each  type  of  required 
operation  under  existing  set  of  policies,  identify  any 
conflicts  of  operations  needs  with  mission  policies,  and 


Figure  4.  Flow  chart  for  policy  enhanced  mission-asset 
matching. 

In  order  to  augment  the  sensor  mission  matching 
tool  with  policy  considerations,  each  asset  is  annotated 
with  the  policies  available  to  it  for  sharing  with  other 
coalition  members.  Thus,  the  asset-mission  matching 
algorithm  is  augmented  to  incorporate  policies  doing  its 
search.  The  flow-chart  for  the  process  is  shown  in  Figure 
4.  Thus,  policy  enable  mission  matching  address  the 
coalition  needs  discussed  previously. 

In  order  to  augment  the  sensor  fabric  with  policy 
based  management,  we  exploit  the  flexibility  and 
adaptability  of  the  fabric  to  insert  enforcement  points 
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within  the  information  flows  carried  on  by  the  sensor 
fabric.  As  mentioned  in  section  3.1,  the  sensor  fabric 
provides  the  logical  concept  of  topics.  The  enforcement 
process  for  policy  integrated  sensor  fabric  consists  of 
defining  topics  so  that  the  flows  across  coalition  members 
are  always  constrained  to  proceed  through  policy 
enforcement  points  that  can  validate  that  the  flows 
conform  to  the  desired  policies. 

Thus,  by  enforcing  policy  mechanisms  at  each 
operational  life-stage  of  the  ISR  operation,  a  holistic 
approach  to  information  fusion  compliant  with  mission 
policies  can  be  developed.  Policy  management  addresses 
the  coalition  need  (4)  discussed  in  section  2. 

5  Conclusion 

In  this  paper,  we  describe  the  joint  research  being 
performed  in  the  ITA  in  Sensor  Information  Processing 
and  Delivery  and  Security  Across  a  System  of  Systems 
technical  areas  to  develop  fusion  and  policy  algorithms 
and  tools  to  enable  the  assembly  and  dynamic  control  of 
ISR  assets  to  support  multiple  concurrent  coalition 
missions.  We  have  discussed  the  challenges  of  fusion  in 
ISR  operations,  and  the  special  policy  requirements  that 
arise  due  to  coalition  operations.  We  have  outlined  an 
architecture  that  can  address  the  needs  of  policy 
management  and  enforcement  during  coalition  operations. 
Future  work  includes  further  development  of  the 
algorithms  and  tools,  simulations  via  the  ARL’s  Wireless 
Emulation  Lab ,  implementation  on  a  sensor  network 
testbed,  and  field  test  demonstration  of  the  technology  via 
a  network  of  disparate  UGS  systems  and  sensors  on 
mobile  platforms  such  as  UGV’s  and/or  small  UAV’s. 
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